1
0
Fork 0
forked from s3lph/matemat

Use crypt with SHA512 instead of bcrypt. Going to change to BLOWFISH when adopting Python 3.7.

This commit is contained in:
s3lph 2018-06-15 22:30:35 +02:00
parent 2313237773
commit 2f2f6b73e9
3 changed files with 16 additions and 11 deletions

View file

@ -1,12 +1,18 @@
from typing import List, Optional, Any, Type
import bcrypt
import crypt
from matemat.primitives import User, Product
from matemat.exceptions import AuthenticationError, DatabaseConsistencyError
from matemat.db import DatabaseWrapper
# TODO: Change to METHOD_BLOWFISH when adopting Python 3.7
"""
The method to use for password hashing.
"""
_CRYPT_METHOD = crypt.METHOD_SHA512
class MatematDatabase(object):
"""
@ -92,7 +98,7 @@ class MatematDatabase(object):
:raises ValueError: If a user with the same name already exists.
"""
# Hash the password.
pwhash: str = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))
pwhash: str = crypt.crypt(password, crypt.mksalt(_CRYPT_METHOD))
user_id: int = -1
with self.db.transaction() as c:
# Look up whether a user with the same name already exists.
@ -138,9 +144,9 @@ class MatematDatabase(object):
if row is None:
raise AuthenticationError('User does not exist')
user_id, username, email, pwhash, tkhash, admin, member = row
if password is not None and not bcrypt.checkpw(password.encode('utf-8'), pwhash):
if password is not None and crypt.crypt(password, pwhash) != pwhash:
raise AuthenticationError('Password mismatch')
elif touchkey is not None and tkhash is not None and not bcrypt.checkpw(touchkey.encode('utf-8'), tkhash):
elif touchkey is not None and tkhash is not None and crypt.crypt(touchkey, tkhash) != tkhash:
raise AuthenticationError('Touchkey mismatch')
elif touchkey is not None and tkhash is None:
raise AuthenticationError('Touchkey not set')
@ -165,10 +171,10 @@ class MatematDatabase(object):
if row is None:
raise AuthenticationError('User does not exist in database.')
# Verify the old password, if it should be verified.
if verify_password and not bcrypt.checkpw(oldpass.encode('utf-8'), row[0]):
if verify_password and crypt.crypt(oldpass, row[0]) != row[0]:
raise AuthenticationError('Old password does not match.')
# Hash the new password and write it to the database.
pwhash: str = bcrypt.hashpw(newpass.encode('utf-8'), bcrypt.gensalt(12))
pwhash: str = crypt.crypt(newpass, crypt.mksalt(_CRYPT_METHOD))
c.execute('''
UPDATE users SET password = :pwhash, lastchange = STRFTIME('%s', 'now') WHERE user_id = :user_id
''', {
@ -195,10 +201,10 @@ class MatematDatabase(object):
if row is None:
raise AuthenticationError('User does not exist in database.')
# Verify the password, if it should be verified.
if verify_password and not bcrypt.checkpw(password.encode('utf-8'), row[0]):
if verify_password and crypt.crypt(password, row[0]) != row[0]:
raise AuthenticationError('Password does not match.')
# Hash the new touchkey and write it to the database.
tkhash: str = bcrypt.hashpw(touchkey.encode('utf-8'), bcrypt.gensalt(12)) if touchkey is not None else None
tkhash: str = crypt.crypt(touchkey, crypt.mksalt(_CRYPT_METHOD)) if touchkey is not None else None
c.execute('''
UPDATE users SET touchkey = :tkhash, lastchange = STRFTIME('%s', 'now') WHERE user_id = :user_id
''', {

View file

@ -1,7 +1,7 @@
import unittest
import bcrypt
import crypt
from matemat.db import MatematDatabase
from matemat.exceptions import AuthenticationError, DatabaseConsistencyError
@ -58,7 +58,7 @@ class DatabaseTest(unittest.TestCase):
u = db.create_user('testuser', 'supersecurepassword', 'testuser@example.com')
# Add a touchkey without using the provided function
c.execute('''UPDATE users SET touchkey = :tkhash WHERE user_id = :user_id''', {
'tkhash': bcrypt.hashpw(b'0123', bcrypt.gensalt(12)),
'tkhash': crypt.crypt('0123', crypt.mksalt(crypt.METHOD_SHA512)),
'user_id': u.id
})
user = db.login('testuser', 'supersecurepassword')

View file

@ -1,2 +1 @@
bcrypt
apsw